Vulnerability Analyst

 Location: UK - Hatfield, UK - London | Job-ID: 206296 | Contract type: Standard | Business Unit: Customer Success & Service Delivery

Life on the team

This individual will work collaboratively with many different areas of Group Information Services (GIS) and Group Information Assurance (GIA) to ensure incidents and vulnerabilities are well managed and efficiently remediated in any technology. Oversight and governance of security patching and version management is also in the remit for this role.

What you’ll do

• Stakeholder Management – able to build relationships with peers and evangelise security
• Process Management - Create and manage internal processes and standards around the lifecycle of vulnerability management. Track vulnerability remediation activities alongside multiple infrastructure support teams, IT support partners and external service providers
• Security coordination - Collaborate with Computacenter's security division to understand the company security posture and how the IT department must change to address risks. Triage and prioritise inflow of vulnerabilities from IT Security teams for remediation planning.  Manage exception processes and mitigating controls.
• Patch Management - Oversight and governance of patching activities to ensure all technology stacks are patched regularly and within defined SLA’s to ensure vulnerabilities are effectively remediated. Partner with core infrastructure and application technical teams to optimise patching processes and tooling.
• Drive high standards - Drive all areas of GIS to deliver against vulnerability KPIs.
• Reporting - Create and deliver security focussed scorecards, dashboards and reports relating to vulnerability metrics and KPIs. Partner with stakeholder teams to review reports and identify focus areas.
• Asset Management - Collaborate with asset management functions to ensure an accurate view of all assets, identify any gaps in security tooling and ensure all assets are tracked for vulnerabilities through the asset lifecycle.
• Strategy – Assist with the support and development of short and long term strategies for effective vulnerability management.
• Communication – build partnerships and communication channels with stakeholders at all  levels of the organisation for remediation and proactive prevention of security vulnerabilities.
• Continuous improvement - identify opportunities for process improvement (eg. via automation). Identify systemic security issues, analyse root cause, suggest solution(s) to resolve, document solution, engage stakeholders as needed.
• Incident Management - Support major incidents in relation to vulnerability management / remediation / containment activities across the GIS estate as required, eg. management of zero day vulnerabilities
• Audit Support – provide SME level input to internal and external audits in relation to vulnerability and patch management

What you’ll need

• Demonstrable strong experience working in vulnerability management.
• Demonstrable ability to drive vulnerability remediation across complex environments.
• Experience working with vulnerability scanning tools and interpretation of results.
• Experience in interpreting technical findings from penetration tests.
• Strong IT background, with familiarity of infrastructure and application stacks.
• Strong understanding of established security standards, such as Cyber Essentials, CIS benchmarks and NIST Cyber Security Framework.
• Good understanding of ITIL practices.
• Excellent organisational skills.
• Strong communicator both written and spoken.
• Comfortable working autonomously to deliver value.
• Security certifications will be an advantage – eg. CISSP, CISM, SEC+, GIAC Security Essentials (GSEC).

About us

With over 20,000 employees across the globe, we work at the heart of digitisation, advising organisations on IT strategy, implementing the most appropriate technology, and helping our customers to source, transform and manage their technology infrastructure in over 70 countries. We deliver digital technology to some of the world’s greatest organisations, driving digital transformation, enabling people and their business.